REMARKS 



This Amendment is submitted with a Request for Continued Examination (RCE) filed on 
April 27, 2009. Claims 1-21 are cancelled, and Claims 22-41 are added. Upon entry of the 
present Amendment, Claims 22-41 will now be pending. 

As stated above, in this Amendment, Applicants have cancelled Claims 1-21 from further 
consideration in this application to facilitate expeditious prosecution of the application. 
Applicants are not conceding that the subject matter encompassed by the claims prior to this 
Amendment is unpatentable over the art cited by the Examiner. Applicants respectfully reserve 
the right to pursue claims in one or more continuing applications, including claims capturing the 
subject matter encompassed by Claims 1-21 prior to this Amendment and additional claims. 

Rejections Under 35 U.S.C § 102 

On page 3 of the March 3, 2009 Final Office Action, Claims 1, 8, and 15 were rejected 

s 

under 35 U.S.C. § 103(a) as being unpatentable over Reshef et al (U.S. Patent Application 
Publication No. 2003/0233581 - "Reshef) in view of Magdych, et al (U.S. Patent No. 
7,096,503 - "Magdych"). On page 6 of the Final Office Action, Claims 2, 9, and 16 were 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Reshef m view of Magdych and 
Applicants Admitted Prior Art Q'AAPA"). On page 7 of the Final Office Action, Claims 2-6, 10- 
13, and 17-20 were rejected under 35 U.S.C. § 103(a) as being unpatentable over Reshef in view 
of Magdych and further view of Neelay, et al (U.S. Patent Application Publication No. 
2004/0064722 - "Neelay"), On page 10 of the Final Office Action, Claims 7, 14, and 21 were 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Reshef m view of Magdych and 
further view of Cedar, et al (U. S. Patent Application Publication No. 2003/0236994 - 
"Cedar"). Claims 1-21 are now cancelled, and thus these rejections are moot 

With respect to exemplary new Claim 22, a combination of the cited art does not teach or 
suggest: 

A method comprising: 
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"generating, by a first vulnerability analysis and fortification (VAF) agent operating in a 
hardware-based system" (supported in the originally filed specification at paragraph [0030]), "a 
first process representation of a first process, wherein the first process comprises a series of 
sequential operations that are represented by multiple nodes in the first process representation, 
and wherein the first VAF agent monitors the first process for security exposures;' 1 (supported in 
paragraph [0015] of the originally filed specification) 

"defining legal and illegal interfaces between the multiple nodes in the first process 
representation, wherein a legal interface between a first node and a second node in the first 
process representation reflects an authorization for operations represented by the first node and 
the second node to be linked, and wherein an illegal interface reflects a lack of authorization for 
operations represented by the first node and the second node to ever be directly linked;" 
(supported in paragraph [0015]) 

"generating, by a second VAF agent, a second process representation of a second 
process;" (supported in paragraph [0015]) 

" comparing nodes from the first process representation to nodes of the second process 
representation, wherein the second VAF agent monitors the second process for security 
exposures;" (supported in paragraph [0026]) and 

"in response to the nodes of the first process representation matching nodes in the second 
process representation, sending an alert from the first VAF agent to the second VAF agent, 
wherein the alert identifies the illegal interfaces between nodes in the first process representation 
as potential illegal interfaces between nodes in the second process representation" (supported in 
paragraphs [001 1] and [0026]). 

With respect to exemplary new Claim 22, a combination of the cited art does not teach or 
suggest "wherein the legal interface further reflects a requisite action in the first node that is 
required to reach the second node, and wherein the illegal interface further reflects an absence of 
the requisite action in the first node", as supported in paragraph [0015] of the original 
specification. 

With respect to exemplary new Claim 24, a combination of the cited art does not teach or 
suggest "wherein the legal interface further reflects a requisite return code being transmitted 
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from the second node to the first node, wherein the requisite return code is transmitted in 
response to a password being sent from the first node to the second node", as supported in the 
original specification in paragraph [0010]. 

With respect to exemplary new Claim 25, a combination of the cited art does not teach or 
suggest: 

"in response to the first VAF agent detecting the illegal interface, creating, by the first 
V AF agent, a security patch that prohibits the first node from being linked to the second node;" 
(supported in the original specification in paragraph [0026]) and 

"transmitting the security patch from the first VAF agent to the second VAF agent" 
(supported in paragraph [0026]). 

With respect to exemplary new Claim 26, a combination of the cited art does not teach or 
suggest "wherein the first process and the second process are component parts of a single 
distributed software system ", as supported in the original specification in paragraph [001 1]. 

With respect to exemplary new Claim 27, a combination of the cited art does not teach or 
suggest "wherein the first process representation and the second process representation are 
derived from an extensible markup language (XML) description of the respective first process 
and the second process", as supported in the original specification in paragraph [0015]. 

With respect to exemplary new Claim 28, a combination of the cited art does not teach or 
suggest "wherein the XML description of the first process is stored in a security server that is 
protected by a first firewall detection system, and wherein the XML description of the second 
process is stored in the security server and is protected by a different second firewall detection 
system ", as supported in the original specification in paragraphs [0013] - [0014] and by elements 
112, 114, 120, 122, and 126 in FIG. 1. 

With respect to exemplary new Claim 29, a combination of the cited art does not teach or 
suggest "wherein the method described in claim 22 is embodied as an add-on software 
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component " (supported in the original specification in paragraph [0028]), "the method further 
comprising: 

adding the add-on software component to an enterprise solution before shipping the 
enterprise software solution to a customer, wherein the enterprise solution is based on the first 
process", as also supported in paragraph [0028]. 

With respect to exemplary new Claim 30, a combination of the cited art does not teach or 
suggest "wherein the first VAF agent and the second VAF agent are controlled by a single VAF 
tool ", as supported in the original specification by element 102 in FIG. 1 and in paragraph 
[0011]. 

With respect to exemplary new Claim 31, a combination of the cited art does not teach or 
suggest "wherein the first process representation and the second process representation are 
depicted as graphs '', as supported in the original specification by FIG. 2 and in paragraph [0009]. 



RSW920030219US1 - Preliminary Amendment B 



-10- 



J 0/795,776 



CONCLUSION 



As the cited prior art does not teach or suggest all of the limitations of the pending 
claims, Applicants now respectfully request a Notice of Allowance for all pending claims. 

If the Examiner believes that a telephone call would be useful in promoting the pending 
claims to allowance, a telephone call to the undersigned at 512.306.0796 would be greatly 
appreciated. 

No extension of time for this response is believed to be necessary. However, in the event 
an extension of time is required, that extension of time is hereby requested. Please charge any 
fee associated with an extension of time as well as any other fee necessary to further the 
prosecution of this application to IBM CORPORATION DEPOSIT ACCOUNT No, 09-0461. 



Respectfully submitted, 




James E. Boice 
Registration No, 44,545 
LAW OFFICE OF JIM BOICE 
3839 Bee Cave Road 
Suite 201 

West Lake Hills, Texas 78746 
512.306.1200 



ATTORNEY FOR APPLICANT(S) 
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